Learn how MAC randomization affects Wi-Fi networks by exploring challenges with device identification, band steering, helpdesk support, and legal requirements. Discover IEEE's response and alternative solutions.
MAC randomization impacts (WBA liaison to IEEE 802.11)
Max Riegel (Nokia)
2019-01-15
MAC randomization in Wi-Fi
• WBA liaison to IEEE 802.11 due to mobile operating systems increasingly using randomized MAC addresses for connecting to IEEE 802.11 APs
  • https://mentor.ieee.org/802.11/dcn/18/11-18-1579-01-0000-2018-09-liaison-from-wba-re-mac-randomization-impacts.docx
• While current operating systems still use the true MAC address when connecting to the network, in Android P it is planned to create a unique, anonymous MAC for each SSID that the device connects to.
  • Ref: https://www.androidpolice.com/2018/03/08/android-p-feature-spotlight-per-network-mac-address-randomization-added-experimental-feature/
• Operators will no longer be able to use the MAC address as a reliable unique identifier for the device
MAC address usage in Wi-Fi
• MAC-based identification: MAC Authentication, MAC whitelisting (MAC is cached on first-time usage and subsequent logins re-use it)
  • Customer has to re-sign in and register the device each time the SSID is forgotten.
  • Long list of devices per customer.
• Consistent identification when using Passpoint profiles
  • In Passpoint, the access is identified through Passpoint profiles, not only through SSID
  • Even when one specific MAC address may be used for each SSID, device identification may break due to different SSIDs used for the same access profile in Passpoint
• Band steering (2.4 GHz and 5 GHz) with different SSIDs used for each band
  • Devices are reported twice on the networks. It breaks band steering with multiple SSIDs.
• Band steering based on probe requests
  • Client steering depends on the probes using the same MAC address as the associated MAC address.
MAC address usage in Wi-Fi, cont.
• Pay per use (PPU) passes associated with a MAC address
  • No way to automatically transfer to another 'random' MAC address when the user reconnects.
• Limited-use, short-term complimentary services could be accessed by customers repeatedly by getting a new MAC address
  • It will allow customers to create another account and get another free session/allowance, simply by forgetting the SSID.
• Impacts the ability of the Wi-Fi service to enforce policies tied to specific devices, such as parental controls.
• MAC randomization could result in collisions when the same address is used by another device
  • It would cause issues under the same DHCP server with the users accessing the network.
• Analytics rely on the ability to identify a unique device and have that identifier remain consistent over time
MAC address usage in Wi-Fi, cont.
• Helpdesks need to be able to identify specific devices that the customer is calling about, and understand how they have behaved over time.
  • It will also make it more difficult for the user to identify their device to the helpdesk advisor.
• If a device has an association failure on first attempting to connect, there is no guarantee that the same MAC address will be used subsequently.
• Access points / service providers which track the history of devices that have connected will end up with bloated records.
• Accounting and billing issues when records are tied to MAC addresses
• Blacklisting of devices based on MAC address
• Challenges with legal requirements for providing the type of information required for device traceability, device ownership, and legal intercept.
• Identification of manufacturer from OUIs or CIDs in the IEEE registry for the purposes of troubleshooting, diagnostics, and analytics.
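An added example, not part of the original slides: an operator-side check that shows the record bloat and the failed manufacturer lookup described above. It relies on the fact that randomized addresses from mobile operating systems are locally administered (U/L bit set); the account names, SSIDs and MAC values are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample association records: (account, SSID, client MAC).
SAMPLE_RECORDS = [
    ("alice", "Cafe-2G", "00:11:22:10:20:30"),
    ("alice", "Cafe-5G", "00:11:22:10:20:30"),
    ("bob", "Cafe-2G", "da:a1:19:00:11:22"),
    ("bob", "Cafe-5G", "7e:5b:c4:33:44:55"),
    ("bob", "Cafe-2G", "02-9F-3A-66-77-88"),
]

MAC_RE = re.compile(r"([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

def parse_mac(text):
    """Return the six octets of a MAC written with ':' or '-' separators."""
    text = text.strip()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))

def is_locally_administered(text):
    """True when the U/L bit (0x02 in the first octet) is set."""
    return bool(parse_mac(text)[0] & 0x02)

def registry_prefix(text):
    """First three octets for an OUI lookup, or None when the address is
    locally administered and the prefix does not name a manufacturer's OUI."""
    mac = parse_mac(text)
    return None if mac[0] & 0x02 else mac[:3].hex(":")

def summarize(records):
    """Per account: distinct MACs seen and how many are locally administered."""
    seen = defaultdict(set)
    for account, _ssid, mac in records:
        seen[account].add(parse_mac(mac))
    return {
        account: {
            "distinct_macs": len(macs),
            "locally_administered": sum(1 for m in macs if m[0] & 0x02),
        }
        for account, macs in seen.items()
    }

if __name__ == "__main__":
    for account, stats in summarize(SAMPLE_RECORDS).items():
        print(account, stats)
```

In the constructed data, one account accumulates three device records from what could be a single handset, and none of the three yields a usable OUI.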
IEEE 802.11 response
• IEEE 802.11 recognizes the concerns of WBA in its response:
  • https://mentor.ieee.org/802.11/dcn/18/11-18-1988-02-0arc-proposed-response-to-liaison-from-wba-on-mac-address-randomization-impcats.docx
• IEEE 802.11 provides a general statement on MAC-based identification (such as MAC Authentication, etc.):
  • Device or user identification needs to use a specific mechanism that is permanently and privately connected to the device or user. MAC addresses are not private and should not be assumed to be permanent.
  • The IEEE 802 community built its Standards based on the assumption that such uses would not occur beyond layer 2.
  • We recognize this assumption may not have been understood by other organizations. Hence, appropriate organizations should be brought in to the discussion (as you are doing) to solve the problem within their specific domains.
• IEEE 802.11 acknowledges the need for alternative solutions, in particular for
  • Network analytics and troubleshooting
  • Device manufacturer identification
IEEE 802.1 thoughts?
• Do we concur with the general statement not to use MAC addresses for device identification?
• Do we have alternative solutions for
  • Network analytics and troubleshooting?
  • Device manufacturer identification?